mirrors
/
AdGuardHome
mirror of https://github.com/AdguardTeam/AdGuardHome.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Pull request 2277: AG-29637 Sign Windows 

Squashed commit of the following:

commit d22a4cb262
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Wed Sep 11 15:19:01 2024 +0300

    all: resolve tmp todos

commit 4574b050ba
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Wed Sep 11 14:55:44 2024 +0300

    bamboo: checkout later

commit 3036a46566
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Wed Sep 11 14:35:36 2024 +0300

    bamboo: list files

commit eb675abfc0
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Wed Sep 11 14:28:14 2024 +0300

    bamboo: work with vcs properly

commit 0c34b4dcfd
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Wed Sep 11 14:15:06 2024 +0300

    bamboo: add repo name var

commit 15da8e294f
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Wed Sep 11 14:06:26 2024 +0300

    bamboo: upd api key

commit b1d353dbc3
Merge: 3309f0703 cbae07e8e
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Tue Sep 10 19:29:29 2024 +0300

    Merge branch 'master' into AG-29637-sign-windows

commit 3309f07031
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Tue Sep 10 19:09:44 2024 +0300

    all: only sign beta

commit f61af53a70
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Tue Sep 10 15:32:31 2024 +0300

    all: sign windows
This commit is contained in:
Eugene Burkov 2024-09-11 19:39:54 +03:00
parent cbae07e8e6
commit a74c32f742
4 changed files with 64 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile
View File

@ -23,6 +23,7 @@ VERBOSE.MACRO = $${VERBOSE:-0}
CHANNEL = development CHANNEL = development
CLIENT_DIR = client CLIENT_DIR = client
COMMIT = $$( git rev-parse --short HEAD ) COMMIT = $$( git rev-parse --short HEAD )
DEPLOY_SCRIPT_PATH = not/a/real/path
DIST_DIR = dist DIST_DIR = dist
GOAMD64 = v1 GOAMD64 = v1
GOPROXY = https://proxy.golang.org|direct GOPROXY = https://proxy.golang.org|direct
@ -37,6 +38,7 @@ NPM_INSTALL_FLAGS = $(NPM_FLAGS) --quiet --no-progress --ignore-engines\
--ignore-optional --ignore-platform --ignore-scripts --ignore-optional --ignore-platform --ignore-scripts
RACE = 0 RACE = 0
SIGN = 1 SIGN = 1
SIGNER_API_KEY = not-a-real-key
VERSION = v0.0.0 VERSION = v0.0.0
YARN = yarn YARN = yarn
@ -60,6 +62,7 @@ BUILD_RELEASE_DEPS_1 = go-deps
ENV = env\ ENV = env\
CHANNEL='$(CHANNEL)'\ CHANNEL='$(CHANNEL)'\
COMMIT='$(COMMIT)'\ COMMIT='$(COMMIT)'\
DEPLOY_SCRIPT_PATH='$(DEPLOY_SCRIPT_PATH)' \
DIST_DIR='$(DIST_DIR)'\ DIST_DIR='$(DIST_DIR)'\
GO="$(GO.MACRO)"\ GO="$(GO.MACRO)"\
GOAMD64='$(GOAMD64)'\ GOAMD64='$(GOAMD64)'\
@ -72,6 +75,7 @@ ENV = env\
PATH="$${PWD}/bin:$$( "$(GO.MACRO)" env GOPATH )/bin:$${PATH}"\ PATH="$${PWD}/bin:$$( "$(GO.MACRO)" env GOPATH )/bin:$${PATH}"\
RACE='$(RACE)'\ RACE='$(RACE)'\
SIGN='$(SIGN)'\ SIGN='$(SIGN)'\
SIGNER_API_KEY='$(SIGNER_API_KEY)' \
NEXTAPI='$(NEXTAPI)'\ NEXTAPI='$(NEXTAPI)'\
VERBOSE="$(VERBOSE.MACRO)"\ VERBOSE="$(VERBOSE.MACRO)"\
VERSION="$(VERSION)"\ VERSION="$(VERSION)"\

10
bamboo-specs/release.yaml
View File

@ -91,6 +91,11 @@
'tasks': 'tasks':
- 'checkout': - 'checkout':
'force-clean-build': true 'force-clean-build': true
- 'checkout':
'repository': 'bamboo-deploy-publisher'
# The paths are always relative to the working directory.
'path': 'bamboo-deploy-publisher'
'force-clean-build': true
- 'script': - 'script':
'interpreter': 'SHELL' 'interpreter': 'SHELL'
'scripts': 'scripts':
@ -99,6 +104,9 @@
set -e -f -u -x set -e -f -u -x
# Explicitly checkout the revision that we need.
git checkout "${bamboo.repository.revision.number}"
# Run the build with the specified channel. # Run the build with the specified channel.
echo "${bamboo.gpgSecretKeyPart1}${bamboo.gpgSecretKeyPart2}"\ echo "${bamboo.gpgSecretKeyPart1}${bamboo.gpgSecretKeyPart2}"\
| awk '{ gsub(/\\n/, "\n"); print; }'\ | awk '{ gsub(/\\n/, "\n"); print; }'\
@ -107,6 +115,8 @@
make\ make\
CHANNEL=${bamboo.channel}\ CHANNEL=${bamboo.channel}\
GPG_KEY_PASSPHRASE=${bamboo.gpgPassword}\ GPG_KEY_PASSPHRASE=${bamboo.gpgPassword}\
DEPLOY_SCRIPT_PATH="./bamboo-deploy-publisher/deploy.sh"\
SIGNER_API_KEY="${bamboo.adguardHomeWinSignerSecretApiKey}"\
FRONTEND_PREBUILT=1\ FRONTEND_PREBUILT=1\
PARALLELISM=1\ PARALLELISM=1\
VERBOSE=2\ VERBOSE=2\

6
bamboo-specs/test.yaml
View File

@ -143,12 +143,6 @@
'other': 'other':
'clean-working-dir': true 'clean-working-dir': true
'tasks': 'tasks':
# TODO(e.burkov): Remove after test.
- 'checkout':
'repository': 'bamboo-deploy-publisher'
# The paths are always relative to the working directory.
'path': 'bamboo-deploy-publisher'
'force-clean-build': true
- 'checkout': - 'checkout':
'force-clean-build': true 'force-clean-build': true
- 'script': - 'script':

62
scripts/make/build-release.sh
View File

@ -83,11 +83,15 @@ if [ "$sign" -eq '1' ]
then then
gpg_key_passphrase="${GPG_KEY_PASSPHRASE:?please set GPG_KEY_PASSPHRASE or unset SIGN}" gpg_key_passphrase="${GPG_KEY_PASSPHRASE:?please set GPG_KEY_PASSPHRASE or unset SIGN}"
gpg_key="${GPG_KEY:?please set GPG_KEY or unset SIGN}" gpg_key="${GPG_KEY:?please set GPG_KEY or unset SIGN}"
signer_api_key="${SIGNER_API_KEY:?please set SIGNER_API_KEY or unset SIGN}"
deploy_script_path="${DEPLOY_SCRIPT_PATH:?please set DEPLOY_SCRIPT_PATH or unset SIGN}"
else else
gpg_key_passphrase='' gpg_key_passphrase=''
gpg_key='' gpg_key=''
signer_api_key=''
deploy_script_path=''
fi fi
readonly gpg_key_passphrase gpg_key readonly gpg_key_passphrase gpg_key signer_api_key deploy_script_path
# The default distribution files directory is dist. # The default distribution files directory is dist.
dist="${DIST_DIR:-dist}" dist="${DIST_DIR:-dist}"
@ -149,6 +153,50 @@ windows amd64 - -
windows arm64 - -" windows arm64 - -"
readonly platforms readonly platforms
# Function sign signs the specified build as intended by the target operating
# system.
sign() {
# Only sign if needed.
if [ "$sign" -ne '1' ]
then
return
fi
# Get the arguments. Here and below, use the "sign_" prefix for all
# variables local to function sign.
sign_os="$1"
sign_bin_path="$2"
if [ "$sign_os" != 'windows' ]
then
gpg\
--default-key "$gpg_key"\
--detach-sig\
--passphrase "$gpg_key_passphrase"\
--pinentry-mode loopback\
-q\
"$sign_bin_path"\
;
return
# TODO(e.burkov): Enable for all releases.
elif [ "$channel" != 'beta' ]
then
return
fi
signed_bin_path="${sign_bin_path}.signed"
env\
INPUT_FILE="$sign_bin_path"\
OUTPUT_FILE="$signed_bin_path"\
SIGNER_API_KEY="$signer_api_key"\
"$deploy_script_path" sign-executable\
;
mv "$signed_bin_path" "$sign_bin_path"
}
# Function build builds the release for one platform. It builds a binary and an # Function build builds the release for one platform. It builds a binary and an
# archive. # archive.
build() { build() {
@ -189,17 +237,7 @@ build() {
log "$build_output" log "$build_output"
if [ "$sign" -eq '1' ] sign "$os" "$build_output"
then
gpg\
--default-key "$gpg_key"\
--detach-sig\
--passphrase "$gpg_key_passphrase"\
--pinentry-mode loopback\
-q\
"$build_output"\
;
fi
# Prepare the build directory for archiving. # Prepare the build directory for archiving.
cp ./CHANGELOG.md ./LICENSE.txt ./README.md "$build_dir" cp ./CHANGELOG.md ./LICENSE.txt ./README.md "$build_dir"